Results 1 to 4 of 4

Thread: need help regarding spam protection and authentication

Threaded View

  1. #1
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    8

    Default need help regarding spam protection and authentication

    Hi,

    I found strange thing in my zimbra.log and mailboxd.log.

    One of our user abc@example.com.

    For this user i got the authentication logs as below :

    ###########################################

    2009-08-19 12:08:47,589 INFO [Pop3Server-6533] [name=abc@example.com;ip=177.17.218.29;] pop - user abc@example.com authenticated, mechanism=login
    2009-08-19 12:08:48,057 INFO [Pop3Server-6533] [name=abc@example.com;ip=177.17.218.29;] pop - quit from client
    2009-08-19 13:28:29,847 INFO [Pop3Server-8360] [name=abc@example.com;ip=122.132.111.218;] pop - user abc@example.com authenticated, mechanism=login
    2009-08-19 13:28:29,948 INFO [Pop3Server-8360] [name=abc@example.com;ip=122.132.111.218;] pop - quit from client

    ##############################################


    Here its showing two IP addresses 177.17.218.29 and 122.132.111.218. and its keep getting toggle between this IPs. In this logs its showing "pop - quit from client " What it mean ?? why its continously changing the IP address ?

    ################################################


    And in zimbra.log I am getting below logs for the same user which is trying to send mail to itself and one another user of the same domain which is SPAM and got discarded....but its showing different IP in this logs...which i didnt get in in audit.log or mailboxd.log....


    Aug 18 14:28:08 mail amavis[26966]: (26966-20) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20090818T132825-26966: <abc@example.com> -> <cde@example.com>,<abc@example.com> SIZE=2704 Received: from example.com ([127.0.0.1]) by localhost (example.com[127.0.0.1]) (amavisd-new, port 10024) with ESMTP; Tue, 18 Aug 2009 14:28:08 +0530 (IST)
    Aug 18 14:28:08 mail amavis[26966]: (26966-20) Checking: ZNHpduUMTnrn [89.78.49.127] <abc@example.com> -> <cde@example.com>,<abc@example.com>
    Aug 18 14:28:13 mail amavis[26966]: (26966-20) SPAM, <abc@example.com> -> <cde@example.com>,<abc@example.com>, Yes, score=23.19 tag=-10 tag2=6.6 kill=13.2 tests=[BAYES_99=3.5, HTML_IMAGE_ONLY_24=1.552, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, ONLINE_PHARMACY=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, SUBJECT_NEEDS_ENCODING=0.001, SUBJ_ILLEGAL_CHARS=1.586, TVD_VISIT_PHARMA=0.001, URIBL_AB_SURBL=1.86, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501, URIBL_OB_SURBL=1.5, URIBL_WS_SURBL=1.5], autolearn=spam
    Aug 18 14:28:13 mail amavis[26966]: (26966-20) Blocked SPAM, [89.78.49.127] [98.78.49.111] <abc@example.com> -> <cde@example.com>,<abc@example.com>, Message-ID: <3108XGQ.7401BCC60A.996339454636KATSVFCQQVCAKIQ340 @chello089078049127.chello.pl>, mail_id: ZNHpduUMTnrn, Hits: 23.19, size: 2698, 5487 ms
    Aug 18 14:28:13 mail postfix/smtp[18495]: 7BFEBD4048: to=<cde@example.com>, orig_to=<abc@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.4, delays=0.87/0/0/5.5, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=26966-20 - SPAM)


    ########################################


    here its Ip adddress is 98.78.49.111 ...!!!! and every day i ma getting similar type of logs with different IP address...

    IS anyone trying to send spma using this email id WITHOUT AUTHENTICATION ?? is it possible ??

    We are not using TLS authentication...do we need to switch over to TLS from clear text authentication ?

    please help me to understand why this is happening and suggest.


    Thanks.
    Last edited by chandu; 08-25-2009 at 09:29 AM.

Similar Threads

  1. Spam problem on a new installation
    By SamTzu in forum Administrators
    Replies: 20
    Last Post: 07-17-2009, 08:27 AM
  2. SMTP authentication for local emails
    By extremal in forum Administrators
    Replies: 3
    Last Post: 01-13-2009, 02:51 AM
  3. SMTP authentication for zimbra postfix
    By Vivek k c in forum Administrators
    Replies: 14
    Last Post: 11-18-2008, 08:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •